SSO using JSON POST?

coriolis_75734 · ‎27-Jul-2017

Is it possible using APM to create a JSON payload containing the username/password to be used on particular start URIs? We have an app which requires this as the POST on the sign in page and i'm trying to SSO with the known user credentials.

coriolis_75734 · ‎27-Jul-2017

further information:

JSON:

{"parameters":[{"name":"CAMNamespace","value":"NamespaceName"},{"name":"h_CAM_action","value":"logonAs"},{"name":"CAMUsername","value":"USERNAME"},{"name":"CAMPassword","value":"PASSWORD"}]}

Josiah_39459 · ‎27-Jul-2017

Does the app have a logon page? If there is a logon page then formsv2 should work in most instances. It works just like a user would logging into the page and automatically submitting the form.

If the ONLY way to logon is posting JSON to a specific url (and there is no UI interface for it), you could still do that via a sideband irule.

Yann_Desmarest · ‎17-Aug-2017

Hi,

You can use an irule to build a POST request with JSON payload and send it using the sideband commands.

You can also use an HTTP Authentication object (in AAA tab) and build your request headers and payload. HTTP Authentication can be triggered from within the VPE only.

If you need to trigger the SSO after authentication process complete, you can only use an irule or iruleLX.

Yann

The-messenger · ‎20-Aug-2018

Where can I find out more on this? I have apps with their own login page, one is mobile, I need to secure these with APM. I realize this isn't a checkbox solution but where can I find info on how to do the steps in the process?

There are several threads where someone is doing the same, with no answers. I've been working, trial and error with a mobile app, trying to capture the creds and submit to the mobile app server. There's a lot of trial and error. Documentation on this process would be great.

youssef1 · ‎21-Aug-2018

Hi,

As I mentioned Yann, the use of SIDEBAND is a good compromise for this kind of situation. in the past I already had to make irules to overcome this problem because basic SSO profiles did not meet my needs.

and in some cases in addition to the SSO I had to replay some headers (CSRF).

now I have gained some comfort for this kind of need so if you need help on the subject I can bring it to you (Try to built an irule).

Keep me in touch.

Regards

schmuck · ‎22-May-2019

Hi ,

Can you explain how you did this with the sideband rule?

The-messenger · ‎24-Aug-2018

Josia, what is formsv2?

Yann_Desmarest · ‎24-Aug-2018

Hi, Josiah may refer to Form Based SSO or Client Initiated Form Based SSO. Those are the only two options available for HTTP forms SSO. Traditional Forms SSO can fit if there is no dynamic hidden input in the form. Client Initiated Forms SSO help when Traditional Forms SSO won't works.

Hope it helps

Yann

Abed_AL-R · ‎18-Jan-2020

Hello guys

I'm have a problem in the forum based which I think it is related to this topic

Using APM v13.1, When I create a forum based for a web application configured in the portal access, I got this error message from the web application:

{"Message":"The request entity's media type 'application/x-www-form-urlencoded' is not supported for this resource."}

Does this mean I should customize the web application code to accept: x-www-form-urlencoded for the forum based to work ?

Thanks

Abhisar · ‎14-Jul-2022

Hi

I an facing same issue? You were able to fix? Can you share steps.

thanks

DevCentral

SSO using JSON POST?

Khoros Kudos Award 2022